示例#1
        /// <summary>
        /// Re-binds this configuration entry to a live management agent, looked up by the
        /// stored name and ID. On success the stored name and ID are refreshed from the agent,
        /// the entry is marked as present and its partitions are resolved. If the lookup
        /// returns nothing or anything throws, the entry is marked as missing.
        /// </summary>
        internal void ResolveManagementAgent()
        {
            bool resolved = false;

            try
            {
                Guid? located = Global.FindManagementAgent(this.ManagementAgentName, this.ManagementAgentID);

                if (located.HasValue)
                {
                    ManagementAgent agent = ManagementAgent.GetManagementAgent(located.Value);

                    this.ManagementAgentName = agent.Name;
                    this.ManagementAgentID = agent.ID;
                    this.IsMissing = false;
                    this.ResolvePartitions(agent);

                    // Only set once every step above has completed, so a failure part-way
                    // through still falls into the "missing" path below.
                    resolved = true;
                }
            }
            catch (Exception ex)
            {
                logger.Error(ex, $"Exception finding management agent {this.ManagementAgentID}/{this.ManagementAgentName}");
            }

            if (resolved)
            {
                return;
            }

            logger.Warn($"Management agent could not be found. Name: '{this.ManagementAgentName}'. ID: '{this.ManagementAgentID}'");

            this.IsMissing = true;
        }
 /// <summary>
 /// Creates a scheduled trigger with default settings: the first run profile of the
 /// management agent (or null when it has none), a 24-hour interval, and a start time
 /// of the current local time with the seconds component subtracted.
 /// </summary>
 /// <param name="ma">Management agent whose run profiles supply the default profile name.</param>
 public ScheduledExecutionTrigger(ManagementAgent ma)
 {
     this.RunProfileName = ma.RunProfiles?.Select(profile => profile.Key).FirstOrDefault();
     this.Interval       = TimeSpan.FromHours(24);

     // The property is assigned and then read back, exactly as before. Only whole
     // seconds are subtracted; any sub-second part of the timestamp is kept.
     DateTime now = DateTime.Now;
     this.StartDateTime = now;
     this.StartDateTime = this.StartDateTime.AddSeconds(-this.StartDateTime.Second);
 }
示例#3
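        /// <summary>
        /// Provisions or renames the connector of a metaverse object in the "ADMA"
        /// management agent. With no connector present, a new "user" object is created
        /// with a generated initial password. Otherwise the first existing connector is
        /// given the DN derived from the current "uid" and "ou" values.
        /// </summary>
        /// <param name="mventry">Metaverse entry being provisioned.</param>
        public void Provision(MVEntry mventry)
        {
            const string maName = "ADMA";

            // Look the agent up once instead of re-indexing ConnectedMAs for every access.
            var adMa = mventry.ConnectedMAs[maName];

            // Both branches build the DN from uid and ou, so both need them to be present.
            bool hasNamingAttributes = mventry["uid"].IsPresent && mventry["ou"].IsPresent;

            if (adMa.Connectors.Count == 0)
            {
                // Provision a new AD object only when every attribute used below has a value.
                if (hasNamingAttributes && mventry["accountName"].IsPresent)
                {
                    string         cn = string.Format("CN={0}", mventry["uid"].StringValue);
                    ReferenceValue dn = adMa.EscapeDNComponent(cn).Concat(mventry["ou"].StringValue);

                    CSEntry adCSentry = adMa.Connectors.StartNewConnector("user");
                    adCSentry.DN = dn;

                    // The initial password is written straight to the connector and must never
                    // reach a log or trace sink. The commented-out debug statement that printed
                    // it has been removed so it cannot be re-enabled by accident.
                    // NOTE(review): GenerateRandomString is defined outside this snippet. Confirm
                    // it draws from a cryptographic random number generator, not System.Random.
                    adCSentry["unicodePwd"].Value = GenerateRandomString(32);

                    // Read the same attribute name that was checked for presence above.
                    adCSentry["SamAccountName"].StringValue = mventry["accountName"].StringValue;
                    adCSentry.CommitNewConnector();
                }
            }
            else if (hasNamingAttributes)
            {
                // Rename the existing AD object. Without the presence guard, a missing uid or
                // ou would be used to build the new DN.
                CSEntry        adCSentry = adMa.Connectors.ByIndex[0];
                string         cn        = string.Format("CN={0}", mventry["uid"].StringValue);
                ReferenceValue newDn     = adMa.EscapeDNComponent(cn).Concat(mventry["ou"].StringValue);

                adCSentry.DN = newDn;
            }
        }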
示例#4
        /// <summary>
        /// Lists the run profile names of a management agent, optionally restricted to
        /// profiles that have a step on a given partition.
        /// </summary>
        /// <param name="managementAgentID">ID of the management agent to inspect.</param>
        /// <param name="partitionID">Partition to filter on; <see cref="Guid.Empty"/> disables the partition filter.</param>
        /// <param name="includeMultiStep">When false, only profiles with exactly one run step are returned.</param>
        /// <returns>
        /// The matching profile names. If an exception occurs it is logged and whatever was
        /// collected up to that point is returned.
        /// </returns>
        public IList<string> GetManagementAgentRunProfileNamesForPartition(Guid managementAgentID, Guid partitionID, bool includeMultiStep)
        {
            List<string> profileNames = new List<string>();
            bool anyPartition = partitionID == Guid.Empty;

            try
            {
                ManagementAgent agent = ManagementAgent.GetManagementAgent(managementAgentID);

                foreach (KeyValuePair<string, RunConfiguration> profile in agent.RunProfiles)
                {
                    RunConfiguration configuration = profile.Value;

                    if (!includeMultiStep && configuration.RunSteps.Count != 1)
                    {
                        continue;
                    }

                    if (anyPartition || configuration.RunSteps.Any(step => step.Partition == partitionID))
                    {
                        profileNames.Add(profile.Key);
                    }
                }
            }
            catch (Exception ex)
            {
                logger.Error(ex, "A request to get the run profile names failed");
            }

            return profileNames;
        }
示例#5
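        /// <summary>
        /// Creates a new "user" connector in the "AD-CCLAB" management agent for the given
        /// metaverse entry, under a fixed organizational unit.
        /// </summary>
        /// <param name="mventry">Metaverse entry to provision.</param>
        /// <returns>
        /// true when the connector was committed; false when "accountName" or "Pesel" has no
        /// value and nothing was created.
        /// </returns>
        private bool CreateADAccount(MVEntry mventry)
        {
            const string targetOu  = "OU=Users,OU=CCLAB,DC=cclab,DC=xyz";
            const string upnSuffix = "@cclab.xyz";

            // The local is no longer named after a type.
            ConnectedMA adMa = mventry.ConnectedMAs["AD-CCLAB"];

            // Both attributes feed the new account. Without the Pesel check, an entry lacking
            // that value would not contribute anything account-specific to the password.
            if (!mventry["accountName"].IsPresent || !mventry["Pesel"].IsPresent)
            {
                return false;
            }

            string         accountName = mventry["accountName"].Value;
            string         relativeDN  = "CN=" + accountName;
            ReferenceValue dn          = adMa.EscapeDNComponent(relativeDN).Concat(targetOu);

            // SECURITY: the initial password is a fixed prefix followed by the "Pesel"
            // attribute (presumably a personal identification number). Anyone who knows the
            // prefix and that attribute can derive it. pwdLastSet = 0 below forces a change at
            // first logon, which narrows the exposure window but does not close it. A random
            // per-account password delivered out of band is preferable. The scheme is flagged
            // rather than replaced because the enrolment process may depend on it.
            // The prefix literal is reproduced exactly as it appears on the page.
            string pass = "******" + mventry["Pesel"].Value;

            CSEntry csentry = adMa.Connectors.StartNewConnector("user");
            csentry.DN = dn;
            csentry["sAMAccountName"].Value            = accountName;
            csentry["unicodePWD"].Value                = pass;
            csentry["pwdLastSet"].IntegerValue         = 0;      // must change password at next logon
            csentry["userAccountControl"].IntegerValue = 0x0200; // NORMAL_ACCOUNT
            csentry["userPrincipalName"].Value         = accountName + upnSuffix;
            csentry.CommitNewConnector();

            return true;
        }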
示例#6
        /// <summary>
        /// Adds a controller configuration for every management agent that does not already
        /// have one (matched by ID). New entries are created disabled, have their partitions
        /// resolved and receive the default triggers for their agent.
        /// </summary>
        private void AddMissingManagementAgents()
        {
            foreach (ManagementAgent agent in ManagementAgent.GetManagementAgents())
            {
                bool alreadyConfigured = false;

                foreach (MAControllerConfiguration existing in this.ManagementAgents)
                {
                    if (existing.ManagementAgentID == agent.ID)
                    {
                        alreadyConfigured = true;
                        break;
                    }
                }

                if (alreadyConfigured)
                {
                    continue;
                }

                // Newly discovered agents start disabled.
                MAControllerConfiguration added = new MAControllerConfiguration(agent.Name, agent.ID)
                {
                    Disabled = true
                };

                added.ResolvePartitions(agent);
                MAConfigDiscovery.AddDefaultTriggers(added, agent);

                this.ManagementAgents.Add(added);
            }
        }
示例#7
        /// <summary>
        /// Creates an AD change trigger with default timings and, when the exported agent
        /// configuration contains a selected domain partition, pre-fills the host name, base
        /// DN and object classes from it.
        /// </summary>
        /// <param name="ma">Management agent the trigger is created for.</param>
        /// <exception cref="InvalidOperationException">
        /// <see cref="CanCreateForMA"/> rejects the management agent.
        /// </exception>
        public ActiveDirectoryChangeTrigger(ManagementAgent ma)
        {
            if (!ActiveDirectoryChangeTrigger.CanCreateForMA(ma))
            {
                throw new InvalidOperationException("The specified management agent is not an AD or LDS management agent");
            }

            this.LastLogonTimestampOffset     = TimeSpan.FromMinutes(5);
            this.MinimumIntervalBetweenEvents = TimeSpan.FromMinutes(1);
            this.UseExplicitCredentials       = false;

            // The XML parsed here is the agent's own configuration export.
            XmlDocument exported = new XmlDocument();
            exported.LoadXml(ma.ExportManagementAgent());

            XmlNode domainPartition = exported.SelectSingleNode("/export-ma/ma-data/ma-partition-data/partition[selected=1 and custom-data/adma-partition-data[is-domain=1]]");

            if (domainPartition == null)
            {
                // No selected domain partition: leave the connection details unset.
                return;
            }

            // Structural object classes that are filtered out of the default list.
            string[] excludedClasses = { "container", "domainDNS", "organizationalUnit" };

            this.HostName      = domainPartition.SelectSingleNode("custom-data/adma-partition-data/name")?.InnerText;
            this.BaseDN        = domainPartition.SelectSingleNode("custom-data/adma-partition-data/dn")?.InnerText;
            this.ObjectClasses = domainPartition.SelectNodes("filter/object-classes/object-class")
                                 ?.OfType<XmlElement>()
                                 .Where(element => !excludedClasses.Contains(element.InnerText))
                                 .Select(element => element.InnerText)
                                 .ToArray();
        }
示例#8
        /// <summary>
        /// Reconciles the stored partition configurations with the selected partitions of
        /// the management agent. Stored entries that match (by ID, or by name ignoring case)
        /// are updated, unmatched ones are flagged as missing, and selected partitions with
        /// no stored entry for their ID are added after run profile auto-discovery.
        /// </summary>
        /// <param name="ma">Management agent whose partitions are the source of truth.</param>
        internal void ResolvePartitions(ManagementAgent ma)
        {
            if (this.Partitions == null)
            {
                this.Partitions = new PartitionConfigurationCollection();
            }

            // Pass 1: refresh or flag the entries that are already stored.
            foreach (PartitionConfiguration stored in this.Partitions)
            {
                Partition match = ma.Partitions.Values
                                  .Where(t => t.Selected)
                                  .FirstOrDefault(candidate => stored.ID == candidate.ID || string.Equals(stored.Name, candidate.Name, StringComparison.OrdinalIgnoreCase));

                if (match != null)
                {
                    stored.UpdateConfiguration(match);
                }
                else
                {
                    stored.IsMissing = true;
                }
            }

            // Pass 2: add selected partitions that have no stored entry for their ID.
            foreach (Partition discovered in ma.Partitions.Values.Where(t => t.Selected && this.Partitions.GetItemOrNull(t.ID) == null))
            {
                PartitionConfiguration created = new PartitionConfiguration(discovered);
                MAConfigDiscovery.DoAutoRunProfileDiscovery(created, ma);
                this.Partitions.Add(created);
            }
        }
        /// <summary>
        /// Creates a pending-import trigger for a MIM Service management agent, using the
        /// service host name read from the agent and a 60-second polling interval.
        /// </summary>
        /// <param name="ma">Management agent the trigger is created for.</param>
        /// <exception cref="InvalidOperationException">
        /// <see cref="CanCreateForMA"/> rejects the management agent.
        /// </exception>
        public FimServicePendingImportTrigger(ManagementAgent ma)
        {
            bool supported = FimServicePendingImportTrigger.CanCreateForMA(ma);

            if (!supported)
            {
                throw new InvalidOperationException("The specified management agent is not a MIM Service MA");
            }

            this.HostName = FimServicePendingImportTrigger.GetFimServiceHostName(ma);
            this.Interval = TimeSpan.FromMinutes(1);
        }
示例#10
        /// <summary>
        /// Rebuilds the management agent cache from scratch and returns its contents.
        /// </summary>
        /// <returns>The values of the cache, keyed internally by agent name.</returns>
        internal static IEnumerable<ManagementAgent> GetManagementAgents()
        {
            // Drop every cached entry first so agents that no longer exist do not linger.
            maCache.Clear();

            foreach (ManagementAgent agent in ManagementAgent.GetManagementAgents())
            {
                maCache.Add(agent.Name, agent);
            }

            return maCache.Values;
        }
示例#11
 /// <summary>
 /// Deletes the currently active VPN profile. Failures are written to the debug output
 /// and otherwise ignored, so callers cannot tell whether the profile was removed.
 /// </summary>
 public async Task RemoveConnection()
 {
     try
     {
         await ManagementAgent.DeleteProfileAsync(ActiveProfile);
     }
     catch (Exception deleteError)
     {
         // Best-effort cleanup: only the exception message is recorded.
         Debug.WriteLine(deleteError.Message);
     }
 }
示例#12
 /// <summary>
 /// Compares two distinguished names, either by their exact string form or through
 /// <c>ReferenceValue.Equals</c>.
 /// </summary>
 /// <param name="dn1">First DN.</param>
 /// <param name="dn2">Second DN.</param>
 /// <param name="ma">Not used by this method.</param>
 /// <param name="strictCompare">true to compare the string representations exactly.</param>
 /// <returns>true when the two DNs are considered equal under the chosen comparison.</returns>
 private bool AreDNsEqual(ReferenceValue dn1, ReferenceValue dn2, ManagementAgent ma, bool strictCompare)
 {
     if (!strictCompare)
     {
         Tracer.TraceInformation("performing-RFC-compliant-DN-comparison");
         return dn1.Equals(dn2);
     }

     Tracer.TraceInformation("performing-strict-DN-comparison");

     string first  = dn1.ToString();
     string second = dn2.ToString();

     return first == second;
 }
        /// <summary>
        /// Decides whether a management agent is a data source by comparing its flow counts
        /// in the exported configuration.
        /// </summary>
        /// <param name="ma">Management agent to inspect.</param>
        /// <returns>true when the agent has more import flows than export flows.</returns>
        private static bool IsSourceMA(ManagementAgent ma)
        {
            XmlDocument exported = new XmlDocument();
            exported.LoadXml(ma.ExportManagementAgent());

            XmlNodeList exportFlows = exported.SelectNodes("/export-ma/ma-data/export-attribute-flow/export-flow-set/export-flow");

            // The XPath value is the agent's own GUID in upper-case brace format, so the
            // interpolated text is limited to hex digits, hyphens and braces.
            string sourceId = ma.ID.ToString("B").ToUpper();
            XmlNodeList importFlows = exported.SelectNodes($"/export-ma/mv-data/import-attribute-flow/import-flow-set/import-flows/import-flow[@src-ma='{sourceId}']");

            int exportCount = exportFlows?.Count ?? 0;
            int importCount = importFlows?.Count ?? 0;

            return importCount > exportCount;
        }
示例#14
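        /// <summary>
        /// Creates a trigger of the named type for a management agent by invoking the
        /// type's constructor that takes the agent.
        /// </summary>
        /// <param name="type">Type name of the trigger, as understood by <see cref="Type.GetType(string)"/>.</param>
        /// <param name="managementAgentID">ID of the management agent the trigger is for.</param>
        /// <returns>The newly created trigger.</returns>
        /// <exception cref="InvalidOperationException">
        /// The type name cannot be resolved, or it resolves to something that is not a
        /// concrete <see cref="IMAExecutionTrigger"/> implementation.
        /// </exception>
        public IMAExecutionTrigger CreateTriggerForManagementAgent(string type, Guid managementAgentID)
        {
            ManagementAgent ma = ManagementAgent.GetManagementAgent(managementAgentID);
            Type            t  = Type.GetType(type);

            if (t == null)
            {
                throw new InvalidOperationException($"Could not create trigger for management agent {ma.Name} because the type {type} was unknown");
            }

            // The type name is supplied by the caller. Check the contract BEFORE constructing
            // anything: previously the cast ran only after Activator.CreateInstance, so the
            // constructor of any resolvable type accepting a ManagementAgent would already
            // have executed by the time the cast rejected it.
            // NOTE(review): Type.GetType also resolves assembly-qualified names. If this
            // method is reachable by remote or lower-privileged callers, consider limiting
            // the accepted names to those returned by GetAllowedTriggerTypesForMA.
            if (!typeof(IMAExecutionTrigger).IsAssignableFrom(t) || t.IsAbstract)
            {
                throw new InvalidOperationException($"Could not create trigger for management agent {ma.Name} because the type {type} is not a trigger type");
            }

            return (IMAExecutionTrigger)Activator.CreateInstance(t, ma);
        }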
示例#15
        /// <summary>
        /// Replaces the controller table with one new controller per management agent,
        /// keyed by agent ID, and subscribes this object to each controller's events.
        /// </summary>
        private void InitializeMAControllers()
        {
            this.controllers = new Dictionary<Guid, MAController>();

            foreach (ManagementAgent agent in ManagementAgent.GetManagementAgents())
            {
                MAController controller = new MAController(agent);

                // Handlers are attached before the controller is published in the table.
                controller.StateChanged                += this.X_StateChanged;
                controller.RunProfileExecutionComplete += this.X_RunProfileExecutionComplete;
                controller.MessageLogged               += this.X_MessageLogged;

                this.controllers.Add(agent.ID, controller);
            }
        }
        /// <summary>
        /// Adds the default trigger for the agent's category: a pending-import trigger for
        /// "FIM", an Active Directory change trigger for "ADAM" or "AD". Other categories
        /// get no default trigger. The category match is case-sensitive.
        /// </summary>
        /// <param name="config">Controller configuration that receives the trigger.</param>
        /// <param name="ma">Management agent the trigger is created for.</param>
        internal static void AddDefaultTriggers(MAControllerConfiguration config, ManagementAgent ma)
        {
            string category = ma.Category;

            if (category == "FIM")
            {
                config.Triggers.Add(new FimServicePendingImportTrigger(ma));
            }
            else if (category == "ADAM" || category == "AD")
            {
                config.Triggers.Add(new ActiveDirectoryChangeTrigger(ma));
            }
        }
示例#17
        /// <summary>
        /// Returns the partition of the first step of the named run profile.
        /// </summary>
        /// <param name="runProfileName">Run profile name; may be null.</param>
        /// <param name="ma">Management agent that owns the run profiles.</param>
        /// <returns>
        /// The partition of the first run step, or null when the name is null, the profile
        /// does not exist, or the profile has no steps.
        /// </returns>
        private Guid? GetPartitionFromRunProfile(string runProfileName, ManagementAgent ma)
        {
            bool known = runProfileName != null && ma.RunProfiles.ContainsKey(runProfileName);

            if (!known)
            {
                return null;
            }

            RunConfiguration profile = ma.RunProfiles[runProfileName];

            return profile.RunSteps?.FirstOrDefault()?.Partition;
        }
示例#18
        /// <summary>
        /// Suppresses the full-sync warning on the management agent supplied to the cmdlet,
        /// or on every management agent when none was supplied.
        /// </summary>
        protected override void ProcessRecord()
        {
            ManagementAgent target = this.MAInstance;

            if (target != null)
            {
                target.SuppressFullSyncWarning();
                return;
            }

            // No specific agent given: apply to all of them.
            foreach (ManagementAgent agent in MiisController.GetManagementAgents())
            {
                agent.SuppressFullSyncWarning();
            }
        }
示例#19
 /// <summary>
 /// Writes the named management agent to the pipeline, or every management agent when
 /// no name was given.
 /// </summary>
 protected override void ProcessRecord()
 {
     bool nameGiven = !string.IsNullOrWhiteSpace(this.Name);

     if (nameGiven)
     {
         // NOTE(review): this branch disposes the agent right after writing it to the
         // pipeline, while the enumeration branch below never disposes. Confirm that
         // pipeline consumers and any cache behind MiisController do not use the object
         // after this call.
         using (ManagementAgent agent = MiisController.GetManagementAgent(this.Name, this.Reload.IsPresent))
         {
             this.WriteObject(agent);
         }

         return;
     }

     foreach (ManagementAgent agent in MiisController.GetManagementAgents())
     {
         this.WriteObject(agent);
     }
 }
示例#20
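        /// <summary>
        /// Installs a native IKEv2 VPN profile for the given server and connects it with
        /// the server's EAP credentials.
        /// </summary>
        /// <param name="server">Server whose address and EAP credentials are used.</param>
        /// <returns>The connection status of the profile after a successful connect.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="server"/> is null.</exception>
        /// <exception cref="Exception">
        /// Adding the profile or connecting did not return <c>VpnManagementErrorStatus.Ok</c>;
        /// the message now carries the returned status.
        /// </exception>
        public async Task<VpnManagementConnectionStatus> Connect(Server server)
        {
            if (server == null)
            {
                throw new ArgumentNullException(nameof(server));
            }

            // Full-tunnel, always-on profile. RememberCredentials is off, so the secret is
            // passed explicitly on every connect below.
            VpnNativeProfile profile = new VpnNativeProfile()
            {
                AlwaysOn                   = true,
                NativeProtocolType         = VpnNativeProtocolType.IpsecIkev2,
                ProfileName                = Constants.connectionProfileName,
                RememberCredentials        = false,
                RequireVpnClientAppUI      = false,
                RoutingPolicyType          = VpnRoutingPolicyType.ForceAllTrafficOverVpn,
                TunnelAuthenticationMethod = VpnAuthenticationMethod.Eap,
                UserAuthenticationMethod   = VpnAuthenticationMethod.Eap,
                // The EAP configuration is loaded from profile.xml in the package install folder.
                EapConfiguration = File.ReadAllText(Path.Combine(Windows.ApplicationModel.Package.Current.InstalledLocation.Path, @"profile.xml"))
            };

            profile.Servers.Add(server.serverAddress);

            // Keep the credential object out of logs and exception messages.
            PasswordCredential credentials = new PasswordCredential
            {
                UserName = server.eap_name,
                Password = server.eap_secret
            };

            VpnManagementErrorStatus profileStatus = await ManagementAgent.AddProfileFromObjectAsync(profile);

            if (profileStatus != VpnManagementErrorStatus.Ok)
            {
                // The status enum holds no secret and is the only clue to why the add failed.
                throw new Exception($"VPN profile add failed: {profileStatus}");
            }

            VpnManagementErrorStatus connectStatus = await ManagementAgent.ConnectProfileWithPasswordCredentialAsync(profile, credentials);

            if (connectStatus != VpnManagementErrorStatus.Ok)
            {
                // NOTE(review): the always-on profile added above stays installed when the
                // connect fails. Decide whether it should be deleted here.
                throw new Exception($"Connection failed: {connectStatus}");
            }

            ActiveProfile = profile;

            return profile.ConnectionStatus;
        }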
示例#21
 /// <summary>
 /// Disconnects the active VPN profile and then removes it.
 /// </summary>
 /// <exception cref="Exception">
 /// There is no active profile, or the disconnect call did not return
 /// <c>VpnManagementErrorStatus.Ok</c>.
 /// </exception>
 public async Task Disconnect()
 {
     if (ActiveProfile == null)
     {
         throw new Exception("Active profile not valid");
     }

     VpnManagementErrorStatus outcome = await ManagementAgent.DisconnectProfileAsync(ActiveProfile);

     if (outcome != VpnManagementErrorStatus.Ok)
     {
         throw new Exception("Could not disconnect");
     }

     // Only remove the profile once the tunnel is confirmed down.
     await RemoveConnection();
 }
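        /// <summary>
        /// Returns a management agent by name, served from the cache unless a reload is
        /// requested or the name is not cached yet.
        /// </summary>
        /// <param name="name">Name of the management agent.</param>
        /// <param name="reload">true to fetch the agent again even if it is cached.</param>
        /// <returns>The cached or freshly fetched management agent.</returns>
        internal static ManagementAgent GetManagementAgent(string name, bool reload)
        {
            ManagementAgent cached;

            if (!reload && maCache.TryGetValue(name, out cached))
            {
                return cached;
            }

            ManagementAgent ma = ManagementAgent.GetManagementAgent(name);

            // The cache is keyed by the agent's own name. The previous code tested for the
            // requested name, stored under ma.Name and then read back by the requested name,
            // so any difference between the two (for example letter case) ended in a
            // duplicate-key or key-not-found exception. The indexer inserts or overwrites,
            // and the fetched instance is returned directly.
            maCache[ma.Name] = ma;

            return ma;
        }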
示例#23
        /// <summary>
        /// Lists the full names of the trigger types in the executing assembly that report,
        /// through their <c>CanCreateForMA</c> method, that they can be created for the
        /// given management agent.
        /// </summary>
        /// <param name="managementAgentID">ID of the management agent to test against.</param>
        /// <returns>Full type names of the applicable trigger types.</returns>
        public IList<string> GetAllowedTriggerTypesForMA(Guid managementAgentID)
        {
            List<string> permitted = new List<string>();

            ManagementAgent agent = ManagementAgent.GetManagementAgent(managementAgentID);
            Type triggerContract = typeof(IMAExecutionTrigger);

            foreach (Type candidate in Assembly.GetExecutingAssembly().GetTypes())
            {
                if (!candidate.GetInterfaces().Contains(triggerContract))
                {
                    continue;
                }

                // Types without a CanCreateForMA method are skipped. The method is invoked
                // with a null target, i.e. as a static method.
                MethodInfo probe = candidate.GetMethod("CanCreateForMA");

                if (probe != null && (bool)probe.Invoke(null, new object[] { agent }))
                {
                    permitted.Add(candidate.FullName);
                }
            }

            return permitted;
        }
示例#24
        /// <summary>
        /// Reconciles the stored partition configurations with the selected partitions of
        /// the management agent, tracing each decision. Stored entries that match (by ID, or
        /// by name ignoring case) are updated, unmatched ones are flagged as missing, and
        /// selected partitions with no stored entry for their ID are added after run
        /// profile auto-discovery.
        /// </summary>
        /// <param name="ma">Management agent whose partitions are the source of truth.</param>
        internal void ResolvePartitions(ManagementAgent ma)
        {
            if (this.Partitions == null)
            {
                this.Partitions = new PartitionConfigurationCollection();
            }

            // Pass 1: refresh or flag the entries that are already stored.
            foreach (PartitionConfiguration c in this.Partitions)
            {
                Partition p = ma.Partitions.Values
                              .Where(t => t.Selected)
                              .FirstOrDefault(candidate => c.ID == candidate.ID || string.Equals(c.Name, candidate.Name, StringComparison.OrdinalIgnoreCase));

                if (p != null)
                {
                    logger.Trace($"Matched existing partition {c.ID}/{p.ID}/{c.Name}/{p.Name}");
                    c.UpdateConfiguration(p);
                }
                else
                {
                    logger.Trace($"Partition is missing from MA {c.ID}/{c.Name}");
                    c.IsMissing = true;
                }
            }

            // Pass 2: add selected partitions that have no stored entry for their ID.
            foreach (Partition p in ma.Partitions.Values.Where(t => t.Selected && this.Partitions.GetItemOrNull(t.ID) == null))
            {
                logger.Trace($"New partition found in MA {p.ID}/{p.Name}");

                PartitionConfiguration created = new PartitionConfiguration(p);
                MAConfigDiscovery.DoAutoRunProfileDiscovery(created, ma);
                this.Partitions.Add(created);
            }

            logger.Trace($"{this.Partitions.Count} partitions are defined for the controller");
        }
示例#25
        /// <summary>
        /// Looks for the application's native VPN profile among the installed profiles and
        /// reports its connection status, remembering it as the active profile when it is
        /// connected.
        /// </summary>
        /// <returns>
        /// The status of the matching profile. <c>Disconnected</c> is returned when no
        /// profile matches, when no servers are configured, or when reading the status
        /// throws (in which case the profile is also deleted).
        /// </returns>
        public async Task<VpnManagementConnectionStatus> GetStatusAsync()
        {
            foreach (var profile in await ManagementAgent.GetProfilesAsync())
            {
                VpnNativeProfile nativeProfile = profile as VpnNativeProfile;

                if (nativeProfile == null)
                {
                    continue;
                }

                var servers = await ConfigurationManager.GetServers();

                // NOTE(review): the loop variable is never read. The loop only acts as an
                // "at least one server is configured" gate around the profile-name check.
                foreach (var server in servers)
                {
                    if (profile.ProfileName != Constants.connectionProfileName)
                    {
                        continue;
                    }

                    try
                    {
                        var status = nativeProfile.ConnectionStatus;

                        if (status == VpnManagementConnectionStatus.Connected)
                        {
                            ActiveProfile = nativeProfile;
                        }

                        return status;
                    }
                    catch (Exception)
                    {
                        // A profile whose status cannot be read is removed and reported as down.
                        await ManagementAgent.DeleteProfileAsync(nativeProfile);

                        return VpnManagementConnectionStatus.Disconnected;
                    }
                }
            }

            return VpnManagementConnectionStatus.Disconnected;
        }
 /// <summary>
 /// Creates an interval trigger that defaults to the first run profile of the
 /// management agent (or null when it has none) and a 15-minute interval.
 /// </summary>
 /// <param name="ma">Management agent whose run profiles supply the default profile name.</param>
 public IntervalExecutionTrigger(ManagementAgent ma)
 {
     this.RunProfileName = ma.RunProfiles?.Select(profile => profile.Key).FirstOrDefault();
     this.Interval       = TimeSpan.FromMinutes(15);
 }
 /// <summary>
 /// Reports whether this trigger type can be created for the given management agent.
 /// This implementation accepts every management agent.
 /// </summary>
 /// <param name="ma">Management agent to test; not inspected.</param>
 /// <returns>Always true.</returns>
 public static bool CanCreateForMA(ManagementAgent ma) => true;
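 /// <summary>
 /// Reports whether this trigger type can be created for the given management agent,
 /// which is the case when the agent's category is "FIM" (compared ignoring case).
 /// </summary>
 /// <param name="ma">Management agent to test.</param>
 /// <returns>true when the category is "FIM"; false otherwise, including a null category.</returns>
 public static bool CanCreateForMA(ManagementAgent ma)
 {
     // The static string.Equals tolerates a null category. The instance call used before
     // threw a NullReferenceException instead of answering "no".
     return string.Equals(ma.Category, "FIM", StringComparison.OrdinalIgnoreCase);
 }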
        /// <summary>
        /// Reads the service host name from the management agent's private configuration data.
        /// </summary>
        /// <param name="ma">Management agent to read from.</param>
        /// <returns>The text of the <c>serviceHost</c> element, or null when the element is absent.</returns>
        private static string GetFimServiceHostName(ManagementAgent ma)
        {
            XmlNode hostNode = ma.GetPrivateData().SelectSingleNode("fimma-configuration/connection-info/serviceHost");

            return hostNode?.InnerText;
        }
示例#30
 /// <summary>
 /// Creates a PowerShell trigger with default settings: terminate on script error and
 /// a 30-second interval.
 /// </summary>
 /// <param name="ma">Not used by this constructor.</param>
 public PowerShellExecutionTrigger(ManagementAgent ma)
 {
     this.ExceptionBehaviour = ExecutionErrorBehaviour.Terminate;
     this.Interval           = TimeSpan.FromSeconds(30);
 }